CLAIMS:

1. A method in a data processing system for maintaining secure user private keys in a non-secure storage device, said method comprising the steps of:

establishing a master key pair for said system, said master key pair including a master private key and a master public key;

storing said master key pair in a protected storage device;

establishing a unique user key pair for a user, said user key pair including a user private key and a user public key;

encrypting said user private key utilizing said master public key; and

storing said encrypted user private key in said non-secure storage device, wherein said encrypted user private key is secure while stored in said non-secure storage device.

2. The method according to claim 1, further comprising the steps of:

establishing an encryption device having an encryption engine and said protected storage device; and

said protected storage device being accessible only through said encryption engine.

3. The method according to claim 2, further comprising the step of said encryption engine encrypting said user private key utilizing said master public key stored in said protected storage device.

4. The method according to claim 3, further comprising the steps of:

an application generating a message to transmit to a recipient;

said encryption engine decrypting said user private key utilizing said master private key;

said encryption engine encrypting said message utilizing said decrypted user private key and a recipient's public key; and

said system transmitting said encrypted message to said recipient.

5. The method according to claim 4, wherein the step of establishing a user key pair further comprises the step of associating said user key pair with an application.

6. The method according to claim 5, further comprising the steps of:

establishing a certificate, said certificate being associated with said application, said user private key, and said user;

in response to said user attempting to access said application utilizing said certificate, said encryption engine utilizing said certificate to determine a location within said non-secure storage device for said user private key associated with said certificate;

said encryption engine decrypting said user private key; and

said encryption engine utilizing said decrypted user private key to encrypt messages transmitted by said application.

7. The method according to claim 6, wherein said step of storing said user private key in said non-secure storage further comprises the step of storing said user private key in a hard drive.

8. The method according to claim 7, further comprising the step of said user key pair being capable of being utilized only in said data processing system wherein said user key pair is established, wherein said user key pair is not capable of being utilized in a second data processing system.

9. A data processing system for maintaining secure user private keys in a non-secure storage device, comprising:

an encryption device included within said system for establishing a master key pair for said system, said master key pair including a master private key and a master public key;

a protected storage device for storing said master key pair;

said encryption device executing code for establishing a unique user key pair for a user, said user key pair including a user private key and a user public key;

said encryption device executing code for encrypting said user private key utilizing said master public key; and

said non-secure storage device for storing said encrypted user private key, wherein said encrypted user private key is secure while stored in said non-secure storage device.

10. The system according to claim 9, further comprising:

said encryption device including an encryption engine and said protected storage device; and

said protected storage device capable of being accessed only through said encryption engine.

11. The system according to claim 10, further comprising said encryption engine executing code for encrypting said user private key utilizing said master public key stored in said protected storage device.

12. The system according to claim 11, further comprising:

an application capable of generating a message to transmit to a recipient;

said encryption engine executing code for decrypting said user private key utilizing said master private key;

said encryption engine executing code for encrypting said message utilizing said decrypted user private key and a recipient's public key; and

said system transmitting said encrypted message to said recipient.

13. The system according to claim 12, further comprising said system executing code for associating said user key pair with an application.



RP9-98-089 







14. The system according to claim 13, further comprising:

said system executing code for establishing a certificate, said certificate being associated with said application, said user private key, and said user;

in response to said user attempting to access said application utilizing said certificate, said encryption engine executing code utilizing said certificate for determining a location within said non-secure storage device for said user private key associated with said certificate;

said encryption engine executing code for decrypting said user private key pair; and

said encryption engine capable of utilizing said decrypted user private key to encrypt messages transmitted by said application.

15. The system according to claim 14, further comprising said system executing code for storing said user private key in a hard drive.

16. The system according to claim 15, further comprising said user key pair being capable of being utilized only in said data processing system wherein said user key pair is established, wherein said user key pair is not capable of being utilized in a second data processing system.

17. A data processing system for maintaining secure user private keys in a non-secure hard drive, comprising:

an encryption device including an encryption engine and a protected storage device for establishing a master key pair for said system, said master key pair including a master private key and a master public key, said protected storage device for storing said master key pair, said protected storage device capable of being accessed only through said encryption engine;

said encryption device executing code for establishing a unique user key pair for a user, said user key pair including a user private key and a user public key, said user key pair being capable of being utilized only in said data processing system wherein said user key pair is established, wherein said user key pair is not capable of being utilized in a second data processing system;

said system executing code for associating said user key pair with an application;

said encryption device executing code for encrypting said user private key utilizing said master private key stored in said protected storage device;

said non-secure hard drive for storing said encrypted user private key, wherein said encrypted user private key is secure while stored in said non-secure hard drive;

an application capable of generating a message to transmit to a recipient;

said system executing code for establishing a certificate, said certificate being associated with said application, said user private key, and said user;

storing said certificate in said non-secure hard drive;

in response to said user attempting to access said application utilizing said certificate, said encryption engine executing code utilizing said certificate for determining a location within said non-secure hard drive for said user private key associated with said certificate;

said encryption engine executing code for decrypting said user private key;

said encryption engine capable of utilizing said decrypted user private key to encrypt messages transmitted by said application; and

said system transmitting said encrypted message to said recipient.
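
The flow recited in claims 1, 6 and 8, as an added Python example that is not part of the patent text: the master key pair is held only inside a device object, each user private key is wrapped under the master public key and stored in an untrusted dict standing in for the hard drive, and a certificate id locates the record. The EncryptionDevice class, the disk dict, the record layout, the hybrid RSA-OAEP plus AES-GCM wrapping, the use of signing as the private-key operation, and the third-party cryptography package are assumptions of this example.

```python
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)

class EncryptionDevice:
    """Hypothetical stand-in for the claimed device: the master key pair is held
    only in this object and is reachable only through its methods (the engine)."""

    def __init__(self):
        self._master = rsa.generate_private_key(public_exponent=65537, key_size=2048)

    def create_user_key(self, disk, cert_id):
        user = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        der = user.private_bytes(serialization.Encoding.DER, serialization.PrivateFormat.PKCS8,
                                 serialization.NoEncryption())
        # A serialized private key is too large for one RSA-OAEP block, so a
        # fresh AES key encrypts it and the master public key wraps that AES key.
        kek, nonce = AESGCM.generate_key(bit_length=256), os.urandom(12)
        disk[cert_id] = {
            "wrapped_kek": self._master.public_key().encrypt(kek, OAEP),
            "nonce": nonce,
            "blob": AESGCM(kek).encrypt(nonce, der, cert_id.encode()),  # cert_id bound as AAD
        }
        return user.public_key()

    def sign(self, disk, cert_id, message):
        rec = disk[cert_id]  # the certificate id locates the record on the disk
        kek = self._master.decrypt(rec["wrapped_kek"], OAEP)
        der = AESGCM(kek).decrypt(rec["nonce"], rec["blob"], cert_id.encode())
        user = serialization.load_der_private_key(der, password=None)
        return user.sign(message, PSS, hashes.SHA256())

def verify(public_key, message, signature):
    try:
        public_key.verify(signature, message, PSS, hashes.SHA256())
    except InvalidSignature:
        return False
    return True

def usable_on(device, disk, cert_id):
    try:
        return bool(device.sign(disk, cert_id, b"probe"))
    except ValueError:  # a different master private key cannot unwrap the record
        return False
```

Wrapping under a public key gives confidentiality only: anyone holding the master public key can create a record, so stored records would also need to be authenticated before use.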



